Prime number generation for encryption

ABSTRACT

A device may select a first pseudorandom integer within a range of integers. The device may generate a first candidate prime, based on the first pseudorandom integer, for primality testing. Based on determining that the first candidate prime fails a primality test, the device may select a second pseudorandom integer within the range of integers. The device may generate a second candidate prime, based on the second pseudorandom integer, for primality testing. The device may determine whether the second candidate prime satisfies the primality test. The device may selectively: re-perform, based on the second candidate prime failing the primality test, the selecting the second pseudorandom integer, the generating the second candidate prime, and the determining whether the second candidate prime satisfies the primality test, or using, based on the second candidate prime satisfying the primality test, the second candidate prime as a prime integer in a cryptographic protocol.

RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.16/852,172, filed Apr. 17, 2020 (now U.S. Pat. No. 11,411,732), which isincorporated herein by reference in its entirety.

BACKGROUND

Public-key algorithms may be based on computational difficulty ofvarious problems, such as integer factorization of two-prime compositeintegers and the difficulty of calculating discrete logarithms. Manycryptographic systems may be built around prime integers, such as theprime integers used in factoring based, finite field, or elliptic curvecryptography.

SUMMARY

According to some implementations, a method may include selecting, by adevice, a first pseudorandom integer within a range of integers;generating, by the device, a first candidate prime for primalitytesting, wherein the first candidate prime is based on a product ofknown prime integers and the first pseudorandom integer; determining, bythe device, that the first candidate prime fails a primality test;selecting, by the device and based on a Galois register or a linearfeedback shift register, a second pseudorandom integer within the rangeof integers; generating, by the device, a second candidate prime forprimality testing, wherein the second candidate prime is based on aproduct of the product of the known prime integers and the secondpseudorandom integer; determining, by the device, whether the secondcandidate prime satisfies the primality test; and selectively:re-performing, by the device and based on the second candidate primefailing the primality test, the selecting, using the Galois register orthe linear feedback shift register, the second pseudorandom integer, thegenerating the second candidate prime, and the determining whether thesecond candidate prime satisfies the primality test, or using, by thedevice and based on the second candidate prime satisfying the primalitytest, the second candidate prime as a prime integer in a cryptographicprotocol or in generation of another prime.

According to some implementations, a device may include one or morememories and one or more processors. In some implementations, the one ormore processors are communicatively coupled to the one or more memories.The one or more processors may be configured to: select a pseudorandominteger within a range of integers; check the pseudorandom integeragainst a sieve to determine whether a candidate prime, based on knownprime integers and the pseudorandom integer, is divisible by any of aset of sieving primes; selectively: re-perform, based on a determinationthat the candidate prime is divisible by any of the set of sievingprimes, the selection of the pseudorandom integer within the range ofintegers and the check of the pseudorandom integer against the sieve, orgenerate, based on a determination that the candidate prime is notdivisible by any of the set of sieving primes, the candidate prime forprimality testing, wherein the candidate prime is based on the knownprime integers and the pseudorandom integer; determine whether thecandidate prime satisfies a primality test; and selectively: re-perform,based on the candidate prime failing the primality test, the selectionof the pseudorandom integer, the check of the pseudorandom integeragainst the sieve, and the selective re-performance of the selection ofthe pseudorandom integer and the check of the pseudorandom integeragainst the sieve or the generation of the candidate prime, and thedetermination of whether the candidate prime satisfies the primalitytest, or use, based on the candidate prime satisfying the primalitytest, the candidate prime as a prime integer in a cryptographic protocolor in generation of a large prime that is greater than the candidateprime.

According to some implementations, a non-transitory computer-readablemedium may store one or more instructions. The one or more instructions,when executed by one or more processors of a device, may cause the oneor more processors to: perform a selection of a pseudorandom integerwithin a range of integers, the selection of the pseudorandom integercomprising: selection of a candidate pseudorandom integer; performanceof a check of the candidate pseudorandom integer against a sieve todetermine whether a candidate prime, that is based on the candidatepseudorandom integer, is divisible by any of a set of sieving primes;and selective: re-performance, based on a determination that thecandidate prime is divisible by any of the set of sieving primes, of theselection of the candidate pseudorandom integer and the check of thecandidate pseudorandom integer against the sieve, or generation, basedon a determination that the candidate prime is not divisible by any ofthe set of sieving primes, of the candidate prime for primality testing,wherein the candidate prime is based on a product of known primeintegers and the pseudorandom integer; and selectively: re-perform,based on the candidate prime failing a primality test, the performanceof the selection of the pseudorandom integer and the generation of thecandidate prime, or use, based on the candidate prime satisfying theprimality test, the candidate prime as a prime integer in acryptographic protocol or in generation of another prime.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1A-1F are diagrams of one or more example implementationsdescribed herein.

FIG. 2 is a diagram of an example environment in which systems and/ormethods described herein may be implemented.

FIG. 3 is a diagram of example components of one or more devices of FIG.2 .

FIGS. 4-6 are flowcharts of example processes for prime numbergeneration for encryption.

DETAILED DESCRIPTION

The following detailed description of example implementations refers tothe accompanying drawings. The same reference numbers in differentdrawings may identify the same or similar elements.

Cryptographic systems may be built around prime integers. Somecryptographic systems (e.g., discrete logarithm based public keycryptographic systems) use a fixed prime integer as an element toprovide security for the systems. However, a malefactor may attempt tobreak into the system by attacking the fixed prime integer. Fixed primeintegers imply a very high value to cost ratio for these attacks,greatly increasing the motivation of attackers and risk to users.Furthermore, improvements in computing power over time may reduce theamount of time that may be required to successfully mount this attack.Once a successful attack occurs, discrete logarithms modulo the fixedprime integer become relatively easy to compute and the cryptographicsystem may be compromised.

According to some implementations described herein, a device may beconfigured to replace a prime integer based on satisfaction of a timingevent. In other words, prime integers may expire after a time period andthe device may be configured to replace the prime integer with areplacement prime integer. In a process of selecting prime integers, thedevice may generate a first candidate prime for primality testing withthe candidate integer based on a product of known prime integers and afirst pseudorandom integer. To conserve computing resources, the devicemay use a sieve to determine if the first pseudorandom integer isdivisible by any of a set of sieving primes (e.g., which may indicatethat the first candidate integer is not a prime integer). In this way,the device may conserve computing resources that may otherwise be usedto perform additional and/or more resource-intensive calculations for aprimality test (e.g., a Pocklington test) to determine if the firstcandidate prime is a prime integer.

In some implementations, the device may select a second pseudorandominteger (e.g., based on the first candidate prime failing the primalitytest, the sieve indicating that the first candidate prime is divisibleby any of the set of sieving primes, and/or the like) based on a Galoisregister, a linear feedback shift register (LFSR), and/or the like. Inthis way, the device may select pseudorandom integers (e.g., such thatthe candidate prime based on the pseudorandom integer and the product ofknown primes avoids consistent step sizes to eliminate bias for primeintegers following a prime gap, that selects each pseudorandom integerfrom a range without repeating, and/or the like) for testing with thesieve and/or generate candidate primes based on the pseudorandomselection process. In some implementations, the device may checksuccessive pseudorandom integers against the sieve before generating thesuccessive candidate primes, before performing the primality tests,and/or the like. By using a Galois register, an LFSR, and/or the like toselect pseudorandom integers to use in generating candidate primes forprimality testing, the device may increase entropy to a prime numberselection process, which may improve security.

FIGS. 1A-1F are diagrams of one or more example implementationsdescribed herein. As shown in FIGS. 1A-1F, the example implementation(s)100 may include a device that performs a prime integer generationprocess using Pocklington's theorem, a Pocklington test, a sieve, aGalois register, and/or the like.

A cryptographic system functionality may require a prime integer to havecertain properties. For example, systems based on a difficulty ofcomputing an r^(th) root (where r is a large prime) in a finite group,r² must divide the order of the group. If the group is (Z/PZ)*, thenp=hr²+1 for some integer h. Pocklington's theorem gives a primality testfor candidate integers of the form P=(hR+1) where a completefactorization of R is known. Pocklington's theorem may be an efficienttool for generating and/or testing candidate primes, with sieves, Galoisregisters, and/or linear feedback shift registers (LFSRs) to improveefficiency for determining primality and to increase randomness ofselections of candidate integers for testing.

In some implementations described herein, the device may use analgorithm for generating a prime integer. For example, the device mayuse Algorithm 1:

Algorithm 1   I: Choose a random starting value h_(L) < h₀ < h_(U) andset h = h₀. II: While P = (Rh + 1) fails primality test:  A: Incrementh;  B: If h = h0, then return 0 (FAILURE); III: Return P

In Algorithm 1, h_(L) and h_(U) are lower and upper bounds for h, withh_(L)≤h₀<h_(U)≤R². As described in Algorithm 1, the device may test acandidate prime for primality. Based on whether the candidate primesatisfies a primality test, the device may either increment a value hused to generate a new candidate prime to be tested, or the device mayoutput the tested candidate prime (e.g., based on finding that thecandidate prime satisfies the primality test).

As shown by reference number 102 in FIG. 1A, the device may generate afirst candidate prime for primality testing. In some implementations,the first candidate prime may be based on a product of known primeintegers, a first pseudorandom integer, an addend (e.g., 1 or a primenumber), one or more integer constraints, and/or the like. In someimplementations, the pseudorandom integer constraints may include arange of integers from which the first pseudorandom integer may beselected.

In some implementations, the first candidate prime may be based onEquation 1 and Equation 2:

P=hR+1  (Equation 1)

R=┌ _(k=1) ^(t) r _(k) ^(m) ^(k)   (Equation 2)

where h is a pseudorandom integer (e.g., the first pseudorandominteger), r_(k) are distinct prime integers, and m_(k) are positiveintegers. If certain size constraints hold on h in comparison to R,primality can be proven with only (t+1) modulo P exponentiations.

Using Pocklington's theorem based prime generation, the device may startwith smaller, product of known prime integers (R) to find larger primesusing h values that pass Pocklington's test. The device may repeat thesesteps to find successively larger primes.

In some cryptographic systems, the device may attempt to generate aprime integer that satisfies one or more constraints. Based on the oneor more constraints, the device may generate the first candidate primefor primality testing such that the first candidate prime satisfies theone or more constraints.

In some implementations, the one or more constraints may include a sizeconstraint. A size of the pseudorandom integer may be required to bewithin a given bit range, as shown in Equation 3.

bit range: 2B<P<2B+1  (Equation 3)

In Equation 3, B may be a number of bits as determined by securitystandards and user requirements. A larger B increases a computationalcost of field based attacks such as a number field sieve and variants ofthe number field sieve.

In some implementations, the one or more integer constraints may includea group structure constraint. Security and functional requirements for acryptosystem may dictate a structure of a multiplicative group (e.g.,constraints on factorization of (P−1)). For example, the requirementsmay indicate that there must be at least one large prime factor (r) of(P−1), with r>2b. In some implementations, b may be a bit count asdetermined by current security standards. A larger b may increase acomputational cost of field based attacks (e.g., a number field sieve)and group based attacks on the prime integer.

As shown by FIG. 1B, and by reference number 104, the device maydetermine that the first candidate prime fails a primality test. In someimplementations, the primality test may include application of aPocklington test and/or another primality test. In some implementations,the Pocklington Test may be applied based on a determination that thepseudorandom integer (h) is not divisible by any of a set of sievingprimes (e.g., using a sieve to determine whether an h value used togenerate a candidate prime is divisible by any of the set of sievingprimes). In some aspects, the device may check subsequent iterations ofthe pseudorandom integer (h) against the sieve after determining thatthe first candidate prime fails the primality test. In this way, thedevice may conserve computing resources that may otherwise have beenused to perform the Pocklington Test on candidate primes that may befiltered out by the sieve.

Pocklington's theorem states that if a candidate integer (P) passes atest, then all factors of the candidate integer have similar attributesto the candidate integer. In other words, if q₁ is a factor of P, then:

q _(j)=(Rh _(j)+1) with h₁≥1, where h₁ is a value of h  (Equation 4)

If P is composite (e.g., not a prime), it must have at least two factors(q₁) of this form. These factors may force h to be fairly large (e.g.,greater than R). If h≤R, then P is not composite and must be prime.

Extensions on the bounds of h may increase flexibility of Equation 4.Increasing the bounds of h may increase potential for entropy in agenerated prime integer and/or reduce computing resources consumed toapply Equation 4 by reducing necessary steps (i.e., to allow for fastergrowth) and required exponentiations.

As shown by reference number 106 in FIG. 1C, the device may generate asecond candidate prime for primality testing (e.g., based on adetermination that the first candidate prime failed the primality test).In some implementations, the device may generate the second candidateprime for primality testing based on a known number, a secondpseudorandom integer (e.g., a second iteration of h, an addend, integerconstraints, and/or the like. For example, the device may generate thesecond candidate prime based on Algorithm 1 with the product of knownintegers R, the second pseudorandom integer h, the addend 1, and integerconstraints (e.g., constraints for h).

As shown by reference 108, the device may generate the secondpseudorandom integer based on a Galois register, an LFSR, the firstpseudorandom integer, a sieve, and/or the like. In some implementations,the device may be configured to step through values of h within a rangeof values such that values of h are not repeating, incrementing h may beinclude random or pseudorandom selections of h, and h may be bounded(e.g., based on bounds of R and/or P).

Galois registers and/or LFSRs may require a relatively small amount ofcomputing resources and imitate a random number generator in adeterministic way. Galois registers may satisfy randomness tests and maycycle over all possible non-zero values (e.g., without repeatingvalues). If a k bit Galois register or LFSR starts at an initial value(e.g., based on a random selection process, a pseudorandom selectionprocess, user input, input from another device, and/or the like)0<reg<2^(k), the Galois register or LFSR can be stepped 2^(k)−1 timesbefore it repeats. Galois registers may use polynomials, polynomialarithmetic, and/or modular polynomial arithmetic to generatepseudorandom outputs. The following Algorithm 2 iterates through aGalois register, given a current non-zero initial state reg₀ and currentstate reg.

Algorithm 2 I: Constants:  ply = integer representing lower kcoefficients of a degree k primitive   binary polynomial  mask = 2^(k−1)II: If reg = 0: Return ERROR III: If reg&mask = 0: reg = reg << 1 IV:Else: reg = ((reg ⊕ mask) << 1) ⊕ ply V: If reg = reg₀: Set reg = 0 VI:Return

As shown in Algorithm 2, the device may use a Galois register to modifyreg by stepping reg with a fixed, degree k polynomial. As shown atoperation II, Algorithm 2 will output an error indication if the reg=0because the register cannot be zero. As shown at operation III, thedevice may shift the register value one bit to the left (e.g.,multiplying by 2) if the operation reg&mask=0. As shown at operation IV,if reg&mask≠0, the device may shift the register value one bit to theleft and reduces. As shown at operation V, if the reg=reg₀ (e.g., thecurrent register value is equal to the starting register value), theregister has run out of possible register values and the register valueis set to 0. The value of the register during each iteration may be usedto increment h through iterations of h. In some implementations, if theGalois register or LFSR fails to identify a value of h that can be usedto generate a prime integer, the device may modify h_(U) (e.g., byincreasing h_(U) by 1 or 1<<B, where B is a bit count of a maximum valueof h or a bit count of a maximum value of h+h_(L)).

In some implementations, the device may generate and use a sieve toreduce computing costs associated with trial division. The device maygenerate the sieve over a size of the LFSR or Galois register. If theLFSR or the Galois register is k-bits long, and 64-bit words are used tostore the sieve data, then 2^(k−6) words may be needed for the sieve.For k=16, the sieve may require a 1024 bit array of 64-bit words. Sizerestriction of the sieve may bound a size of the LFSR or Galoisregister. In some implementations, the LFSR or Galois register may notcover the entire h range. Instead, h may be divided into sections, eachk-bits long.

Based on the size constraints on h (h_(L)≤h₀<h_(U)), h can be rewrittenas h=h_(L)+h′, where 0≤h′<h_(R) and h_(R)=(h_(U)−h_(L)). A quantity ofacceptable values for h′ may be divided into k-bit words. The k-bitwords may be initialized with non-zero values, then incremented usingthe LFSR or the Galois register to find subsequent values of h andintegers for primality testing. If

${s = \left\lfloor \frac{\lg h_{R}}{k} \right\rfloor},$

then:

$\begin{matrix}{{h^{\prime} = {{h^{(s)}2^{sk}} + {\sum_{j = 0}^{s - 1}{h^{(j)}2^{jk}}}}},{{{where}{}0} \leq h^{(j)} < {2^{k}{for}0} \leq j < {s{and}{}0} \leq h^{(s)} < \left\lfloor \frac{h_{R}}{2^{sk}} \right\rfloor}} & {{Equation}5}\end{matrix}$

Using Algorithm 2 and/or Equation 5, the device may increment h in aclock-like process to generate integers for primality testing. In someimplementations, the device may use Algorithm 3, below, for extendedLFSR or Galois incrementing (e.g., stepping). In Algorithm 3, the devicemay provide input of h₀=h₀ ^((s))2^(sk)+Σ_(j=0) ^(s−1)h₀ ^((j))2^(jk)for starting register values h₀ ^((j))≠0 for 0≤j≤s andh′=h^((s))2^(sk)+Σ_(j=0) ^(s−1)h^((j))2^(jk) for a current registervalue, h^((j))≠0 for 0≤j≤s.

Algorithm 3   I: Set j = (s − 1) II: While (J ≥ 0) AND a call toAlgorithm 2 returns an error:  A: Subtract one from j: j = j − 1 III: Ifj < 0: return ERROR IV: Else return

The device may use Algorithm 3 to modify h′ and return an error ifboundaries have been exhausted. The device may use Algorithm 4,described below, to check integers h against a sieve as part ofprimality testing (e.g., to determine which integers should be used togenerate candidate primes), which may occur before applying aPocklington test. The device may provide input for Algorithm 4,including a small prime set (S={q}1≤i≤s), a known prime factorization ofP=hR+1 (R), a quantity of bits to sieve (k), and fixed portions of h (w,{h^((j))}) with 0≤j≤s and j≠w. Algorithm 4 may output a k long bit arraywith good h values (not divisible by elements of the small prime set)set to ‘on.’

Algorithm 4   I: Create a k-long bit array A and set all k bits of A to‘on’ (set to 1) II: For each prime q_(i) ∈ S   ${A:{h^{(w)}\lbrack i\rbrack}} = {{- \left( {\left( {R2^{wk}} \right)^{- 1} + {\sum\limits_{\underset{j \neq w}{j = 0}}^{s}{h^{(j)}2^{{({j - w})}k}}} + {h_{L}2^{- {wk}}}} \right)}{mod}q_{i}}$  B: Set v = h^((w))[i]   C: While v < 2^(k):     1: Turn off bit v of A    2: Set v = v + q_(i) III: Return A

Algorithm 5, below, may be used to determine primality. In Algorithm 5,the device may provide inputs including an indication of whether thedevice had already applied a sieve to a pseudorandom integer h used togenerate a candidate prime P and a set of devisors {r_(j)|1≤j≤t} (P−1),ordered with r_(j) ^(m) ^(j) >r_(j+1) ^(m) ^(j+1)

Algorithm 5 I: Set Status = unsure II: If wasSieved = false: Test forsmall primes divisors — return composite if a divisor is found III: Setg = 2 IV: While status = unsure:  A: If g^(p−1) ≢ 1 mod P: Set status =composite  B: j = l  C: rem = (P − 1)  D: Set:divisors = 1  E: Whilestatus = unsure and divisors < rem² and j ≤ t:   1: Compute x = g^(P/r)^(j) − 1 mod P   2: If gcd(x, P) = 1:    a: While rem = 0 mod r_(j): Set    i: rem = rem/r_(j)     ii: divisors = divisors · r_(j)    b: Else:Add one to g: g = g + 1, and set divisors = 0  F: If rem ≤ divisors:status = prime  G: Else if rem² ≤ divisors   1: status =PocklingtonExtension (h, R) V: return status

As shown at operation II, Algorithm 5 may check for small divisors ifneeded (e.g., if the sieve was not applied). As shown at operation III,Algorithm 5 may set a base for Pocklington's tests. As shown atoperation IV, Algorithm 5 may attempt to determine whether the testedinteger satisfies one or more elements of a primality test. As shown atoperation IV(A), Algorithm 5 may determine that if the tested integerfails a Fermat test, the tested integer is not prime. Operation IV(B)shows that Algorithm 5 may set an index for prime divisors of R to 1. Asshown at operation IV(C), Algorithm 5 may allow all powers of R to beremoved from (P−1). Operation IV(D) shows that Algorithm 5 may store asize of divisors with (P−1)=rem divisors. As shown at operationIV(E)(1), Algorithm 5 may apply Pocklington's second test. OperationIV(E)(2) shows that Algorithm 5 may remove all powers of r_(j) from remand insert all powers of r_(j) into divisors. As shown at operationIV(E)(b), Algorithm 5 may try a different base based on a likelihoodthat the tested integer is prime. At operation IV(F), Algorithm 5 maydetermine if the tested integer satisfies a simple Pocklington's test.

As shown by operation IV(G), if the tested integer fails the simplePocklington's test, Algorithm 5 may determine if the tested integersatisfies a Pocklington Extension algorithm. The Pocklington Extensionalgorithm is shown below as Algorithm 6. The device may input a randomportion of the tested integer (h) and a known portion of the testedinteger (R). Algorithm 6 may output true if the tested integer is primeor false if the tested integer is composite.

Algorithm 6 I: Constants: A small set of primes {q_(j)| 0 ≤ j < 1000},with q₀ = 5, q₁ = 7, and so on. II: Set status = false III: Set b = (hmod R)²${{IV}:{Set}a} = {4 \cdot \left\lbrack \frac{h}{R} \right\rbrack}$ V: Ifb < a: neg = true; val = a − b VI: Else neg = false; val = b − a VII:Set j = 0 VII: While j < 1000 and status = false   ${A:{Compute}v} = {{val}^{\frac{q_{j} - 1}{2}}{mod}q_{j}}$   B: If negis true:     1: If (q_(j) − 1)/2 is odd and v=1: status = true     2:Else (q_(j) − 1)/2 is even and v = q_(j) − 1: status = true   C: Else ifv = (q_(j) − 1): status = true   D: j = j + 1

As shown at operation II, the status may indicate whether the device hasdetermined, using Algorithm 6, that the tested integer is prime.Initially, the status may be set to false until the tested integer failsa quadratic residue test. At operation V, Algorithm 6 may determine adifference between b and a and accounts for the difference beingnegative or positive. As shown at operation VIII(B), Algorithm 6 maydetermine whether the tested integer is prime based on the differencebetween b and a being negative. As shown at operation VIII(C), Algorithm6 may determine whether the tested integer is prime based on thedifference between b and a being positive.

As shown by reference number 110 in FIG. 1D, the device may determinewhether the second candidate prime satisfies the primality test. In someimplementations, the device may determine whether the second candidateprime satisfies the primality test based on application of the sieve,application of the Pocklington Test, and/or the like. In someimplementations, based on the device failing the primality test, thedevice may re-perform generating the second pseudorandom integer,generating the second candidate prime, and determining whether thesecond candidate prime satisfies the primality test. In other words,based on the second candidate prime failing the primality test, thedevice may continue searching for a prime integer (e.g., using theprocess described for generating the second candidate prime and testingthe second candidate prime).

As shown by reference number 112 in FIG. 1E, the device may use thesecond candidate prime as a prime integer in a cryptographic protocol orin generation of another prime (e.g., larger prime. For example, thedevice may use the prime integer to generate a public key, generate aprivate key, authenticate a key, establish a shared key, and/or thelike.

As shown by reference number 114 in FIG. 1F, the device may replace theprime integer with a replacement prime integer. In some implementations,the device may determine to replace the second candidate prime with areplacement prime integer based on satisfaction (e.g., expiration) of atiming threshold. In some implementations, the device may repeat theprocess of searching for a prime integer until the device determinesthat a candidate integer satisfies the primality test.

As shown by reference number 116, the device may use the replacementprime integer in a cryptographic protocol or in generation of anotherprime. For example, the device may use the replacement prime integer togenerate a public key, generate a private key, authenticate a key,establish a shared key, and/or the like

As indicated above, FIGS. 1A-1F are provided merely as one or moreexamples. Other examples may differ from what is described with regardto FIGS. 1A-1F.

FIG. 2 is a diagram of an example environment 200 in which systemsand/or methods described herein may be implemented. As shown in FIG. 2 ,environment 200 may include a first device 210, a second device 220, anda network 230. Devices of environment 200 may interconnect via wiredconnections, wireless connections, or a combination of wired andwireless connections.

The first device 210 includes one or more devices capable of receiving,generating, storing, processing, and/or providing information associatedwith key exchanges, encrypting and/or decrypting communications, and/orthe like. The first device 210 may include a communication device and/ora computing device. For example, the first device 210 may include awireless communication device, a user equipment (UE), a mobile phone(e.g., a smart phone or a cell phone, among other examples), a laptopcomputer, a tablet computer, a handheld computer, a desktop computer, agaming device, a wearable communication device (e.g., a smart wristwatchor a pair of smart eyeglasses, among other examples), an Internet ofThings (IoT) device, or a similar type of device. The first device 210may communicate with one or more other devices of environment 200, asdescribed elsewhere herein.

The second device 220 includes one or more devices capable of receiving,generating, storing, processing, and/or providing information associatedwith key exchanges, encrypting and/or decrypting communications, and/orthe like. The second device 220 may include a communication deviceand/or a computing device. For example, the second device 220 mayinclude a wireless communication device, a UE, a mobile phone (e.g., asmart phone or a cell phone, among other examples), a laptop computer, atablet computer, a handheld computer, a desktop computer, a gamingdevice, a wearable communication device (e.g., a smart wristwatch or apair of smart eyeglasses, among other examples), an IoT device, or asimilar type of device. The second device 220 may communicate with oneor more other devices of environment 200, as described elsewhere herein.

The network 230 includes one or more wired and/or wireless networks. Forexample, the network 230 may include a cellular network (e.g., a fifthgeneration (5G) network, a fourth generation (4G) network, a long-termevolution (LTE) network, a third generation (3G) network, a codedivision multiple access (CDMA) network, and/or the like), a public landmobile network (PLMN), a local area network (LAN), a wide area network(WAN), a metropolitan area network (MAN), a telephone network (e.g., thePublic Switched Telephone Network (PSTN)), a private network, an ad hocnetwork, an intranet, the Internet, a fiber optic-based network, and/orthe like, and/or a combination of these or other types of networks. Thenetwork 230 enables communication among the devices of environment 200.

In some implementations, the first device 210 may transmit a firstpublic key to the second device 202 via the network 230. The seconddevice 220 may transmit a second public key to the first device 210. Thefirst device 210 and the second device 220 may determine a shared secret(e.g., a shared key) based on the first public key and the second publickey. The first device 210 and the second device 220 may encrypt data,communicate encrypted data, and/or decrypt data based on the sharedsecret.

The number and arrangement of devices and networks shown in FIG. 2 areprovided as one or more examples. In practice, there may be additionaldevices and/or networks, fewer devices and/or networks, differentdevices and/or networks, or differently arranged devices and/or networksthan those shown in FIG. 2 . Furthermore, two or more devices shown inFIG. 2 may be implemented within a single device, or a single deviceshown in FIG. 2 may be implemented as multiple, distributed devices.Additionally, or alternatively, a set of devices (e.g., one or moredevices) of environment 200 may perform one or more functions describedas being performed by another set of devices of environment 200.

FIG. 3 is a diagram of example components of a device 300. Device 300may correspond to the first device 210 and/or the second device 220. Insome implementations, the first device 210 and/or the second device 220may include one or more devices 300 and/or one or more components ofdevice 300. As shown in FIG. 3 , device 300 may include a bus 310, aprocessor 320, a memory 330, a storage component 340, an input component350, an output component 360, and a communication interface 370.

Bus 310 includes a component that permits communication among multiplecomponents of device 300. Processor 320 is implemented in hardware,firmware, and/or a combination of hardware and software. Processor 320takes the form of a central processing unit (CPU), a graphics processingunit (GPU), an accelerated processing unit (APU), a microprocessor, amicrocontroller, a digital signal processor (DSP), a field-programmablegate array (FPGA), an application-specific integrated circuit (ASIC), oranother type of processing component. In some implementations, processor320 includes one or more processors capable of being programmed toperform a function. Memory 330 includes a random access memory (RAM), aread only memory (ROM), and/or another type of dynamic or static storagedevice (e.g., a flash memory, a magnetic memory, and/or an opticalmemory) that stores information and/or instructions for use by processor320.

Storage component 340 stores information and/or software related to theoperation and use of device 300. For example, storage component 340 mayinclude a hard disk (e.g., a magnetic disk, an optical disk, and/or amagneto-optic disk), a solid state drive (SSD), a compact disc (CD), adigital versatile disc (DVD), a floppy disk, a cartridge, a magnetictape, and/or another type of non-transitory computer-readable medium,along with a corresponding drive.

Input component 350 includes a component that permits device 300 toreceive information, such as via user input (e.g., a touch screendisplay, a keyboard, a keypad, a mouse, a button, a switch, and/or amicrophone). Additionally, or alternatively, input component 350 mayinclude a component for determining location (e.g., a global positioningsystem (GPS) component) and/or a sensor (e.g., an accelerometer, agyroscope, an actuator, another type of positional or environmentalsensor, and/or the like). Output component 360 includes a component thatprovides output information from device 300 (via, e.g., a display, aspeaker, a haptic feedback component, an audio or visual indicator,and/or the like).

Communication interface 370 includes a transceiver-like component (e.g.,a transceiver, a separate receiver, a separate transmitter, and/or thelike) that enables device 300 to communicate with other devices, such asvia a wired connection, a wireless connection, or a combination of wiredand wireless connections. Communication interface 370 may permit device300 to receive information from another device and/or provideinformation to another device. For example, communication interface 370may include an Ethernet interface, an optical interface, a coaxialinterface, an infrared interface, a radio frequency (RF) interface, auniversal serial bus (USB) interface, a Wi-Fi interface, a cellularnetwork interface, and/or the like.

Device 300 may perform one or more processes described herein. Device300 may perform these processes based on processor 320 executingsoftware instructions stored by a non-transitory computer-readablemedium, such as memory 330 and/or storage component 340. As used herein,the term “computer-readable medium” refers to a non-transitory memorydevice. A memory device includes memory space within a single physicalstorage device or memory space spread across multiple physical storagedevices.

Software instructions may be read into memory 330 and/or storagecomponent 340 from another computer-readable medium or from anotherdevice via communication interface 370. When executed, softwareinstructions stored in memory 330 and/or storage component 340 may causeprocessor 320 to perform one or more processes described herein.Additionally, or alternatively, hardware circuitry may be used in placeof or in combination with software instructions to perform one or moreprocesses described herein. Thus, implementations described herein arenot limited to any specific combination of hardware circuitry andsoftware.

The number and arrangement of components shown in FIG. 3 are provided asan example. In practice, device 300 may include additional components,fewer components, different components, or differently arrangedcomponents than those shown in FIG. 3 . Additionally, or alternatively,a set of components (e.g., one or more components) of device 300 mayperform one or more functions described as being performed by anotherset of components of device 300.

FIG. 4 is a flow chart of an example process 400 for prime numbergeneration for encryption. In some implementations, one or more processblocks of FIG. 4 may be performed by a device (e.g., first device 210).In some implementations, one or more process blocks of FIG. 4 may beperformed by another device or a group of devices separate from orincluding the device, such as a second device (e.g., second device220]), and/or the like.

As shown in FIG. 4 , process 400 may include selecting a firstpseudorandom integer within a range of integers (block 410). Forexample, the device (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, output component 360, communicationinterface 370, and/or the like) may select a first pseudorandom integerwithin a range of integers, as described above.

As further shown in FIG. 4 , process 400 may include generating a firstcandidate prime for primality testing, wherein the first candidate primeis based on a product of known prime integers and the first pseudorandominteger (block 420). For example, the device (e.g., using processor 320,memory 330, storage component 340, input component 350, output component360, communication interface 370, and/or the like) may generate a firstcandidate prime for primality testing, as described above. In someimplementations, the first candidate prime is based on a product ofknown prime integers and the first pseudorandom integer.

As further shown in FIG. 4 , process 400 may include determining thatthe first candidate prime fails a primality test (block 430). Forexample, the device (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, output component 360, communicationinterface 370, and/or the like) may determine that the first candidateprime fails a primality test, as described above.

As further shown in FIG. 4 , process 400 may include selecting, based ona Galois register or a linear feedback shift register, a secondpseudorandom integer within the range of integers (block 440). Forexample, the device (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, output component 360, communicationinterface 370, and/or the like) may select, based on a Galois registeror a linear feedback shift register, a second pseudorandom integerwithin the range of integers, as described above.

As further shown in FIG. 4 , process 400 may include generating a secondcandidate prime for primality testing, wherein the second candidateprime is based on a product of the product of the known prime integersand the second pseudorandom integer (block 450). For example, the device(e.g., using processor 320, memory 330, storage component 340, inputcomponent 350, output component 360, communication interface 370, and/orthe like) may generate a second candidate prime for primality testing,as described above. In some implementations, the second candidate primeis based on a product of the product of the known prime integers and thesecond pseudorandom integer.

As further shown in FIG. 4 , process 400 may include determining whetherthe second candidate prime satisfies the primality test (block 460). Forexample, the device (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, output component 360, communicationinterface 370, and/or the like) may determine whether the secondcandidate prime satisfies the primality test, as described above.

As further shown in FIG. 4 , process 400 may include selectively:re-performing, based on the second candidate prime failing the primalitytest, the selecting, using the Galois register or the linear feedbackshift register, the second pseudorandom integer, the generating thesecond candidate prime, and the determining whether the second candidateprime satisfies the primality test, or using, based on the secondcandidate prime satisfying the primality test, the second candidateprime as a prime integer in a cryptographic protocol or in generation ofanother prime (block 470). For example, the device (e.g., usingprocessor 320, memory 330, storage component 340, input component 350,output component 360, communication interface 370, and/or the like) mayselectively re-perform, based on the second candidate prime failing theprimality test, the selecting, using the Galois register or the linearfeedback shift register, the second pseudorandom integer, the generatingthe second candidate prime, and the determining whether the secondcandidate prime satisfies the primality test, or using, based on thesecond candidate prime satisfying the primality test, the secondcandidate prime as a prime integer in a cryptographic protocol or ingeneration of another prime, as described above.

Process 400 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or in connection with one or more other processes describedelsewhere herein.

In a first implementation, the primality test comprises a Pocklingtontest.

In a second implementation, alone or in combination with the firstimplementation, process 400 includes checking the second pseudorandominteger against a sieve to determine whether the second candidate prime,that is based on the product of the known prime integers and the secondpseudorandom integer is divisible by any of a set of sieving primes; andselectively: determining that the second candidate prime fails theprimality test based on the second candidate prime being divisible byany of the set of sieving primes, or performing the primality test basedon the second candidate prime not being divisible by any of the set ofsieving primes.

In a third implementation, alone or in combination with one or more ofthe first and second implementations, the first candidate prime isfurther based on adding 1 to the product of the product of the knownprime integers and the first pseudorandom integer.

In a fourth implementation, alone or in combination with one or more ofthe first through third implementations, the first pseudorandom integeris a pseudorandom starting value within the range of integers.

In a fifth implementation, alone or in combination with one or more ofthe first through fourth implementations, the second pseudorandominteger is based on the first pseudorandom integer.

In a sixth implementation, alone or in combination with one or more ofthe first through fifth implementations, process 400 includesdetermining, based on satisfaction of a timing threshold, to replace theprime integer with a replacement prime integer; selecting a thirdpseudorandom integer within the range of integers; generating a thirdcandidate prime for primality testing, wherein the third candidate primeis based on a product of the product of the known prime integers and thethird pseudorandom integer; determining that the third candidate primefails the primality test; selecting, using the Galois register or thelinear feedback shift register, a fourth pseudorandom integer within therange of integers; generating a fourth candidate prime for primalitytesting, wherein the fourth candidate prime is based on a product of theproduct of the known prime integers and the fourth pseudorandom integer;determining whether the fourth candidate prime satisfies the primalitytest; and selectively: re-performing, based on the fourth candidateprime failing the primality test, the selecting, using the Galoisregister or the linear feedback shift register, the fourth pseudorandominteger, generating the fourth candidate prime, and the determiningwhether the fourth candidate prime satisfies the primality test, orusing, by the device and based on the fourth candidate prime satisfyingthe primality test, the fourth candidate prime as the replacement primeinteger in the cryptographic protocol or in generation of larger prime.

In a seventh implementation, alone or in combination with one or more ofthe first through sixth implementations, using the prime integer in acryptographic protocol comprises: generating a private key, generating apublic key, authenticating a key received from another device, orestablishing a shared key with another device.

Although FIG. 4 shows example blocks of process 400, in someimplementations, process 400 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 4 . Additionally, or alternatively, two or more of theblocks of process 400 may be performed in parallel.

FIG. 5 is a flow chart of an example process 500 for prime numbergeneration for encryption. In some implementations, one or more processblocks of FIG. 5 may be performed by a device (e.g., first device 210).In some implementations, one or more process blocks of FIG. 5 may beperformed by another device or a group of devices separate from orincluding the device, such as a second device (e.g., the second device220), and/or the like.

As shown in FIG. 5 , process 500 may include selecting a pseudorandominteger within a range of integers (block 510). For example, the device(e.g., using processor 320, memory 330, storage component 340, inputcomponent 350, output component 360, communication interface 370, and/orthe like) may select a pseudorandom integer within a range of integers,as described above.

As further shown in FIG. 5 , process 500 may include checking thepseudorandom integer against a sieve to determine whether a candidateprime, based on known prime integers and the pseudorandom integer, isdivisible by any of a set of sieving primes (block 520). For example,the device (e.g., using processor 320, memory 330, storage component340, input component 350, output component 360, communication interface370, and/or the like) may check the pseudorandom integer against a sieveto determine whether a candidate prime, based on known prime integersand the pseudorandom integer, is divisible by any of a set of sievingprimes, as described above.

As further shown in FIG. 5 , process 500 may include selectively:re-performing, based on a determination that the candidate prime isdivisible by any of the set of sieving primes, the selection of thepseudorandom integer within the range of integers and the check of thepseudorandom integer against the sieve, or generating, based on adetermination that the candidate prime is not divisible by any of theset of sieving primes, the candidate prime for primality testing,wherein the candidate prime is based on the known prime integers and thepseudorandom integer (block 530). For example, the device (e.g., usingprocessor 320, memory 330, storage component 340, input component 350,output component 360, communication interface 370, and/or the like) mayselectively re-perform, based on a determination that the candidateprime is divisible by any of the set of sieving primes, the selection ofthe pseudorandom integer within the range of integers and the check ofthe pseudorandom integer against the sieve, or generate, based on adetermination that the candidate prime is not divisible by any of theset of sieving primes, the candidate prime for primality testing,wherein the candidate prime is based on the known prime integers and thepseudorandom integer, as described above. In some implementations, thecandidate prime is based on the known prime integers and thepseudorandom integer.

As further shown in FIG. 5 , process 500 may include determining whetherthe candidate prime satisfies a primality test (block 540). For example,the device (e.g., using processor 320, memory 330, storage component340, input component 350, output component 360, communication interface370, and/or the like) may determine whether the candidate primesatisfies a primality test, as described above.

As further shown in FIG. 5 , process 500 may include selectively:re-performing, based on the candidate prime failing the primality test,the selection of the pseudorandom integer, the check of the pseudorandominteger against the sieve, and the selective re-performance of theselection of the pseudorandom integer and the check of the pseudorandominteger against the sieve or the generation of the candidate prime, andthe determination of whether the candidate prime satisfies the primalitytest, or using, based on the candidate prime satisfying the primalitytest, the candidate prime as a prime integer in a cryptographic protocolor in generation of a large prime that is greater than the candidateprime (block 550). For example, the device (e.g., using processor 320,memory 330, storage component 340, input component 350, output component360, communication interface 370, and/or the like) may selectivelyre-perform, based on the candidate prime failing the primality test, theselection of the pseudorandom integer, the check of the pseudorandominteger against the sieve, and the selective re-performance of theselection of the pseudorandom integer and the check of the pseudorandominteger against the sieve or the generation of the candidate prime, andthe determination of whether the candidate prime satisfies the primalitytest, or use, based on the candidate prime satisfying the primalitytest, the candidate prime as a prime integer in a cryptographic protocolor in generation of a large prime that is greater than the candidateprime, as described above.

Process 500 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or in connection with one or more other processes describedelsewhere herein.

In a first implementation, the primality test comprises a Pocklingtontest.

In a second implementation, alone or in combination with the firstimplementation, process 500 includes selecting the pseudorandom integerbased on a Galois register or a linear feedback shift register.

In a third implementation, alone or in combination with one or more ofthe first and second implementations, the pseudorandom integer is apseudorandom starting value within the range of integers.

In a fourth implementation, alone or in combination with one or more ofthe first through third implementations, process 500 includesdetermining, based on satisfaction of a timing threshold, to replace theknown prime integers with replacement known prime integers; selecting anadditional pseudorandom integer within the range of integers; checkingthe additional pseudorandom integer against the sieve to determinewhether a candidate replacement prime, generated based on a product ofthe replacement known prime integers and the additional pseudorandominteger, is divisible by any of the set of sieving primes; selectively:re-performing, based on a determination that the candidate replacementprime is divisible by any of the set of sieving primes, the selection ofthe additional pseudorandom integer within the range of integers and thecheck of the additional pseudorandom integer against the sieve, orgenerating the candidate replacement prime for primality testing; anddetermining whether the candidate replacement prime satisfies theprimality test; and selectively: re-performing, based on the candidatereplacement prime failing the primality test, the selection of theadditional pseudorandom integer, the check of the additionalpseudorandom integer against the sieve, and the selective re-performanceof the selection of the additional pseudorandom integer and the check ofthe additional pseudorandom integer against the sieve or the generationof the candidate replacement prime, and the determination of whether anadditional candidate replacement prime satisfies the primality test, orusing, based on the candidate replacement prime satisfying the primalitytest, the candidate replacement prime as the replacement prime integerin the cryptographic protocol or in generation of replacement largeprime that is greater than the replacement prime integer.

In a fifth implementation, alone or in combination with one or more ofthe first through fourth implementations, process 500 includesgenerating a private key, generating a public key, authenticating a keyreceived from another device, or establishing a shared key with anotherdevice

Although FIG. 5 shows example blocks of process 500, in someimplementations, process 500 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 5 . Additionally, or alternatively, two or more of theblocks of process 500 may be performed in parallel.

FIG. 6 is a flow chart of an example process 600 for prime numbergeneration for encryption. In some implementations, one or more processblocks of FIG. 6 may be performed by a device (e.g., first device 210).In some implementations, one or more process blocks of FIG. 6 may beperformed by another device or a group of devices separate from orincluding the device, such as a second device (e.g., second device 220),and/or the like.

As shown in FIG. 6 , process 600 may include performing a selection of apseudorandom integer within a range of integers, the selection of thepseudorandom integer comprising: selection of a candidate pseudorandominteger, performance of a check of the candidate pseudorandom integeragainst a sieve to determine whether a candidate prime, that is based onthe candidate pseudorandom integer, is divisible by any of a set ofsieving primes, and selective: re-performance, based on a determinationthat the candidate prime is divisible by any of the set of sievingprimes, of the selection of the candidate pseudorandom integer and thecheck of the candidate pseudorandom integer against the sieve, orgeneration, based on a determination that the candidate prime is notdivisible by any of the set of sieving primes, of the candidate primefor primality testing, wherein the candidate prime is based on a productof known prime integers and the pseudorandom integer (block 610). Forexample, the device (e.g., using processor 320, memory 330, storagecomponent 340, input component 350, output component 360, communicationinterface 370, and/or the like) may perform a selection of apseudorandom integer within a range of integers, the selection of thepseudorandom integer comprising: selection of a candidate pseudorandominteger, performance of a check of the candidate pseudorandom integeragainst a sieve to determine whether a candidate prime, that is based onthe candidate pseudorandom integer, is divisible by any of a set ofsieving primes, and selective: re-performance, based on a determinationthat the candidate prime is divisible by any of the set of sievingprimes, of the selection of the candidate pseudorandom integer and thecheck of the candidate pseudorandom integer against the sieve, orgeneration, based on a determination that the candidate prime is notdivisible by any of the set of sieving primes, of the candidate primefor primality testing, wherein the candidate prime is based on a productof known prime integers and the pseudorandom integer, as describedabove.

As further shown in FIG. 6 , process 600 may include selectively:re-performing, based on the candidate prime failing a primality test,the performance of the selection of the pseudorandom integer, or using,based on the candidate prime satisfying the primality test, thecandidate prime as a prime integer in a cryptographic protocol or ingeneration of another prime (block 620). For example, the device (e.g.,using processor 320, memory 330, storage component 340, input component350, output component 360, communication interface 370, and/or the like)may selectively re-perform, based on the candidate prime failing aprimality test, the performance of the selection of the pseudorandominteger, or use, based on the candidate prime satisfying the primalitytest, the candidate prime as a prime integer in a cryptographic protocolor in generation of another prime, as described above.

Process 600 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or in connection with one or more other processes describedelsewhere herein.

In a first implementation, the primality test comprises a Pocklingtontest.

In a second implementation, alone or in combination with the firstimplementation, the candidate prime is further based on adding 1 to theproduct of known prime integers and the pseudorandom integer.

In a third implementation, alone or in combination with one or more ofthe first and second implementations, a first iteration of thepseudorandom integer is a pseudorandom starting value within the rangeof integers.

In a fourth implementation, alone or in combination with one or more ofthe first through third implementations, a second iteration of thepseudorandom integer is based on a first iteration of the pseudorandominteger.

In a fifth implementation, alone or in combination with one or more ofthe first through fourth implementations, process 600 includesgenerating a private key, generating a public key, authenticating a keyreceived from another device, or establishing a shared key with anotherdevice.

Although FIG. 6 shows example blocks of process 600, in someimplementations, process 600 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 6 . Additionally, or alternatively, two or more of theblocks of process 600 may be performed in parallel.

The foregoing disclosure provides illustration and description, but isnot intended to be exhaustive or to limit the implementations to theprecise forms disclosed. Modifications and variations may be made inlight of the above disclosure or may be acquired from practice of theimplementations.

As used herein, the term “component” is intended to be broadly construedas hardware, firmware, and/or a combination of hardware and software.

Some implementations are described herein in connection with thresholds.As used herein, satisfying a threshold may, depending on the context,refer to a value being greater than the threshold, more than thethreshold, higher than the threshold, greater than or equal to thethreshold, less than the threshold, fewer than the threshold, lower thanthe threshold, less than or equal to the threshold, equal to thethreshold, or the like.

It will be apparent that systems and/or methods described herein may beimplemented in different forms of hardware, firmware, or a combinationof hardware and software. The actual specialized control hardware orsoftware code used to implement these systems and/or methods is notlimiting of the implementations. Thus, the operation and behavior of thesystems and/or methods are described herein without reference tospecific software code—it being understood that software and hardwarecan be designed to implement the systems and/or methods based on thedescription herein.

Even though particular combinations of features are recited in theclaims and/or disclosed in the specification, these combinations are notintended to limit the disclosure of various implementations. In fact,many of these features may be combined in ways not specifically recitedin the claims and/or disclosed in the specification. Although eachdependent claim listed below may directly depend on only one claim, thedisclosure of various implementations includes each dependent claim incombination with every other claim in the claim set.

No element, act, or instruction used herein should be construed ascritical or essential unless explicitly described as such. Also, as usedherein, the articles “a” and “an” are intended to include one or moreitems, and may be used interchangeably with “one or more.” Further, asused herein, the article “the” is intended to include one or more itemsreferenced in connection with the article “the” and may be usedinterchangeably with “the one or more.” Furthermore, as used herein, theterm “set” is intended to include one or more items (e.g., relateditems, unrelated items, a combination of related and unrelated items,etc.), and may be used interchangeably with “one or more.” Where onlyone item is intended, the phrase “only one” or similar language is used.Also, as used herein, the terms “has,” “have,” “having,” or the like areintended to be open-ended terms. Further, the phrase “based on” isintended to mean “based, at least in part, on” unless explicitly statedotherwise. Also, as used herein, the term “or” is intended to beinclusive when used in a series and may be used interchangeably with“and/or,” unless explicitly stated otherwise (e.g., if used incombination with “either” or “only one of”).

What is claimed is:
 1. A method, comprising: determining, by a device,that a first candidate prime fails a primality test, wherein the firstcandidate prime is a product based on a product of known prime integersand a first pseudorandom integer within a range of integers; adjustingthe range of integers or a step size associated with the range ofintegers based on failing to identify a potential second pseudorandominteger using a Galois register or a linear feedback shift register;identifying a second pseudorandom integer within the range of integersbased on adjusting the range of integers or the step size; andgenerating, by the device, a second candidate prime for primalitytesting, wherein the second candidate prime is based on a product ofanother product of the known prime integers and the second pseudorandominteger.
 2. The method of claim 1, wherein the first pseudorandominteger is generated based on satisfying a size constraint.
 3. Themethod of claim 1, wherein the first pseudorandom integer isadditionally based on an addend and one or more integer constraints. 4.The method of claim 1, wherein the second pseudorandom integer is basedon stepping through values to avoid repeating pseudorandom integervalues.
 5. The method of claim 1, wherein the step size is based onrandom or pseudorandom selections.
 6. The method of claim 1, wherein theprimality test includes an application of a Pocklington test based ondetermining that the first pseudorandom integer is not divisible by asieving prime of a set of sieving primes.
 7. The method of claim 1,wherein the first pseudorandom integer is generated based on a groupstructure constraint.
 8. A non-transitory computer-readable mediumstoring a set of instructions, the set of instructions comprising: oneor more instructions that, when executed by one or more processors of adevice, cause the device to: determine that a first candidate primefails a primality test, wherein the first candidate prime is a productbased on a product of known prime integers and a first pseudorandominteger within a range of integers; adjust the range of integers or astep size associated with the range of integers based on failing toidentify a potential second pseudorandom integer using a Galois registeror a linear feedback shift register; identify a second pseudorandominteger within the range of integers based on adjusting the range ofintegers or the step size; and generate a second candidate prime forprimality testing, wherein the second candidate prime is based on aproduct of another product of the known prime integers and the secondpseudorandom integer.
 9. The non-transitory computer-readable medium ofclaim 8, wherein the first pseudorandom integer is generated based onsatisfying a size constraint.
 10. The non-transitory computer-readablemedium of claim 8, wherein the first pseudorandom integer isadditionally based on an addend and one or more integer constraints. 11.The non-transitory computer-readable medium of claim 8, wherein thesecond pseudorandom integer is based on stepping through values to avoidrepeating pseudorandom integer values.
 12. The non-transitorycomputer-readable medium of claim 8, wherein the step size is based onrandom or pseudorandom selections.
 13. The non-transitorycomputer-readable medium of claim 8, wherein the primality test includesan application of a Pocklington test based on determining that the firstpseudorandom integer is not divisible by a sieving prime of a set ofsieving primes.
 14. The non-transitory computer-readable medium of claim8, wherein the first pseudorandom integer is generated based on a groupstructure constraint.
 15. A device, comprising: one or more memories;and one or more processors to: determine that a first candidate primefails a primality test, wherein the first candidate prime is a productbased on a product of known prime integers and a first pseudorandominteger within a range of integers; adjust the range of integers or astep size associated with the range of integers based on failing toidentify a potential second pseudorandom integer using a Galois registeror a linear feedback shift register; identify a second pseudorandominteger within the range of integers based on adjusting the range ofintegers or the step size; and generate a second candidate prime forprimality testing, wherein the second candidate prime is based on aproduct of another product of the known prime integers and the secondpseudorandom integer.
 16. The device of claim 15, wherein the firstpseudorandom integer is generated based on satisfying a size constraint.17. The device of claim 15, wherein the first pseudorandom integer isadditionally based on an addend and one or more integer constraints. 18.The device of claim 15, wherein the step size is based on random orpseudorandom selections.
 19. The device of claim 15, wherein theprimality test includes an application of a Pocklington test based ondetermining that the first pseudorandom integer is not divisible by asieving prime of a set of sieving primes.
 20. The device of claim 15,wherein the first pseudorandom integer is generated based on a groupstructure constraint.